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Real-time detection, enforcement, and remediation without compromising security or performance 


Organizations today are in the constant shadow of evolving and sophisticated cyber threats. In some cases, these 
threats are not only more complex than those of the past, but they are also targeted and rely on newly discovered 
vulnerabilities or exploits. In other cases, threats take advantage of older vulnerabilities that you thought were long 
forgotten. Safeguarding your network assets and data from such threats requires detailed visibility into all your 
network layers and resources. It requires comprehensive, up-to-date security intelligence, and a dynamic approach 
that uses awareness and automation to adapt to new threats, new vulnerabilities, and everyday network changes. 


These vastly different threats require a multi-pronged approach to security. Organizations need robust security 
solutions at the edge of and inside their networks to prevent malicious attacks from getting to critical resources. 
They also need comprehensive threat intelligence to protect against known, unknown, and undisclosed 
vulnerabilities. 





Trend Micro™ TippingPoint™ Threat Protection System (TPS) is a powerful network security platform that offers 
comprehensive threat protection against known and undisclosed vulnerabilities with high accuracy. TippingPoint 
TPS provides industry-leading coverage across different threat vectors from advanced threats, like malware and 
phishing, with extreme flexibility and high performance. The TippingPoint TPS uses a combination of technologies, 
including deep packet inspection, threat reputation, URL reputation, and advanced malware analysis on a flow- 
by-flow basis—to detect and prevent attacks on the network. The TippingPoint TPS enables enterprises to take a 
proactive approach to security, providing comprehensive contextual awareness and deeper analysis of network 
traffic. This complete contextual awareness, combined with the threat intelligence from Trend Micro™ TippingPoint™ 
Digital Vaccine® Labs (DVLabs) provides the visibility and agility necessary to keep pace with today’s dynamic, 
evolving enterprise and data center networks. 























“Trend Micro” Deep Discovery™ was a no brainer. It 
TREND MICRO 


outperformed all competitors and was well-respected by : TIPPINGPOINT 


Gartner™. When Trend Micro purchased TippingPoint, RECOMMENDED RECOMMENDED 
NEXT-GEN IPS 


we knew we had the best of both worlds.?? 


NSS LABS 2018 
Frank Bunton, NGIPS GROUP TEST 
Vice President and CISO, : 
MedIimpact 


Medimpact 
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KEY FEATURES 


TippingPoint Threat Protection Extended to the Cloud: Tre 
TippingPoint, is a powerful, inline security solution that allows enterprises to extend their existing TippingPoint 


network protection to their hybrid cloud environ 


vi 
a 
TippingPoin 
System (SMS). 
T 











ippingPoin 


Performance Scalability: The increase in data c 


ments. Offering comprehensive threat protec 


On-Box SSL Inspection: Sophisticated and targeted attacks are increasingly using encryption 





enter consolidation and proliferation of cloud 


requires security solutions that can scale as network demands increase. TippingPoint TPS deli 


unprecedented security and performance for high-capacity networks with a scalable deployment model 
includes the industry's first 40 Gbps Next-Generation 





with 


nd Micro™ Cloud Network Protection, powered by 


tion-including 


rtual patching, shielding against vulnerabilities, blocking exploits, and defending against known and zero-day 
acks with high accuracy-it provides industry-leading coverage across multiple threat vectors. Apply your 


security controls and policies to your cloud environments via your existing Security Management 


to evade detection. 


TPS reduces security blind spots created by encrypted traffic with on-box SSL inspection. 


environments 
vers 
hat 


ntrusion Prevention System (NGIPS) in a 1U form factor, 
he ability to scale up to 120 Gbps aggregate in a 3U form factor. 


Flexible Licensing Model: Easily scale performance and security requirements with a pay-as-you-grow approach 





and flexible licenses that can be reassigned acro 
infrastructure. 





ss Tip 


pingPoint TPS deployments without changing the network 


Real-Time Machine Learning: Many security threats are short-lived and constantly evolving, at times limiting the 
effectiveness of traditional signature and hash-based detection mechanisms. TippingPoint TPS uses statistical 








models, developed with machine learning techniques, to deliver the ability to detect and mitigate 


time. 


Enterprise Vulnerability Remediation (eVR): Q 
vulnerability assessments with the TippingPoin 


Vulnerabilities and Exposures (CVE®) to TippingPoi 


Advanced Threat Analysis: Extend protection 


™ 


Deep Discovery™ Analyzer. TippingPoint TPS pre-fi 


sandbox analysis, and remediates in real time up 


High Availability: Ideal for inline deployment, Tip 


swappable power supplies, watchdog timers to con 


inspection bypass, and zero power high availabilit 


redundant links in a transparent active-active or ac 





uickly remediate vulnerabilities by integrating 








hreats in real 


third-party 


product portfolio. Customers can pull in information from 
various vulnerability management and incident response vendors (Rapid7®, Qualys®, Tenable®), map Common 


ers known threats, 
on confirmation of malicious content. 


nt Digital Vaccine filters and take action accordingly. 


rom unknown threats through integration with Trend Micro™ 
orwards potential threats 





or automated 


pingPoint TPS has multiple fault-tolerant features, including hot 


nuously monitor security and management engines, built-in 


y (ZPHA). In addition, TippingPoint TPS can be provisioned using 





ive-passive high availability (HA) mode. 





Integrated Advanced Threat Prevention: TippingPoint TPS integrates with Trend Micro” Dee 


advanced threat detection solutions, rated as a“ 





Recommended" breach detection system by 


p Discovery” 
SS Labs!. 


Asymmetric Traffic Inspection: Traffic asymmetry is widespread and pervasive throughout enterprise and 
data center networks. Enterprises must overcome challenges from both flow and routing asymmetry to be able 


to fully protect their networks. By default, Tippin 


traffic, and applies security policies to ensure comprehensive protection. 








gPoint TPS inspects all types o 


Agility and Flexibility: TippingPoint TPS embraces software-defined network protection by dep 


prevention system (IPS) as a service. TippingPoin 
virtualized infrastructure (VMware®, KVM). 





Best-in-Class Threat Intelligence: Trend Micro 
ilters that cover an entire vulnerability to protec 
exploits. In addition to Trend Micro Research, Tip 
information from the Trend Micro™ Zero Day Ini 
day threats. The ZDI is the largest vendor-agnos 








patched by the affected vendors. 





nown threats and relies on vulnerability-based 
a particular vulnerability at the network level rat 














traffic, including asymmetr 


TPS also protects virtualized applications from within you 


Research provides cutting-edge threat analysi 
t against all potential attack permutations, not just specific 
pingPoint customers receive exclusive access to vulnerability 
iative™ (ZDl)-protecting customers from undisclosed and zero- 
ic bug bounty program. With more than 1,045 vulnerabilities 
published in 2019, TippingPoint customers are protected an average of 81 days ahead of a vulnerability being 


C 


oying an intrusion 


s and security 








Virtual Patching: Provides a powerful and scalable frontline defense mechanism that protects networks from 
ilters to provide an effective barrier from all attempts to exploit 
her than the end-user level. This helps enterprises gain control 


of their patch management strategy with pre-emptive coverage between the discovery of a vulnerability and the 
availability of a patch, as well as added protection for legacy, out-of-support software. 


Support for a Broad Set of Traffic Types: The TippingPoint TPS platform supports a wide variety of 
and protocols. It provides uncompromising IPv6/v4 simultaneous pay 
tunneling variants (4in6, 6in4, and 6in6). It also supports inspection o 


mobile IPv4 traffic, GRE and GTP (GPRS tunnelin 
security administrators the flexibility to deploy it 





Centralized Management: The Trend Micro™ Tip 


a unified policy and element management graphical user interface that provides a single mechanism for 
monitoring operational information, editing network security policies, configuring elements, and deploying 





g), and jumbo frames 


s protection wherever it is needed. 





pingPoint™ Security Management System (SM 


network security policy across the entire infrastructure, whether it is physical or virtual. 


1 https://resources.trendmicro.com/2018-NSS-Labs-BDS-Report-Global.html 
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oad inspection and support for related 
IPv6/v4 traffic with VLAN and 
. This breadth of coverage gives IT and 


raffic types 





PLS tags, 


S) delivers 


Key Benefits 


Pre-emptive threat prevention 


TippingPoint TPS, deployed inline, 
has the ability to inspect and block 
all directions of traffic (inbound, 
outbound, and lateral) in real time to 
protect against known, unknown, and 
undisclosed vulnerabilities. 


Threat insight and prioritization 


Visibility and insight is crucial to making 
the best security policy decisions. 
TippingPoint TPS delivers complete 
visibility across your network and 
provides the insight and context 
needed to measure and drive threat 
prioritization. 


Real-time enforcement and remediation 


Defend the network from the edge, to the 
data center, and to the cloud with real- 
time, inline enforcement and automated 
remediation of vulnerable systems. 
TippingPoint TPS achieves a new level 
of inline, real-time protection, providing 
proactive network security for today's 
and tomorrow's real-world network 
traffic and data centers. The Threat 
Suppression Engine (TSE) architecture 
performs high-speed, inline deep packet 
traffic inspection, and the purpose-built 
appliance’s modular design enables 

the convergence of additional security 
Services. 











Operational simplicity 


With flexible deployment options that 
are easy to set up and manage through 
a centralized management interface, 
TippingPoint TPS provides immediate 
and ongoing threat protection with out- 
of-the-box recommended settings. 





TIPPINGPOINT TPS T 


Features 


Supported IPS 
Inspection Throughput 





1100TX 
(TPNNO321) 


250/500 Mbps/1 Gbps 


ECHNICAL SPECIFICATIONS 


5500TX 
(TPNN0322) 


8200TX 
(TPNNOO90) 


1/2/3/5 Gbps 


8400TX 
(TPNNOO91) 





3/5/10/15/20/30/40 Gbps 





SSL Inspection(2K Keys 


Up to 3.5 Gbps (capped by 

















with ECDHE-RSA-AES256- Not available f Up to 8 Gbps (capped by IPS inspection throughput) 
GCM-SHA384) IPS inspection throughput) 

New SSL:Connections:per Not available 3,500 7,000 

Second 

Sl Congunrent Not available 80,000 100,000 

Connections 

Latency <100 us <60 us <40 us 

Concurrent Sessions 15,000,000 30,000,000 120,000,000 

New-Connéctions per 100,000 400,000 650,000 


Second 





MTBF (Mean Time Between 
Failures) 


93,177 hours @ 25°C 
ambient 


75,660 hours @ 25°C 


ambient $096 


ours @ 25°C ambient 





Form Factor 


IRU 


2RU 





Weight 


14.5 Ibs (6.58 Kg) 


32 Ibs (max including IOMs) 


eee) 29 Ibs (w/ blank IOMs) 


50 Ibs (max including IOMs) 
41.5 Ibs (w/ blank IOMs) 





Dimensions (W x D x H) 


18.54" (W) x 17.9 


O" (D) x 1.73" (H) 





47.09 cm x 45.4 


17cm x 4.40 cm 


16.78" (W) x 17.3" (D) x 1.72" (H) 
42.62 cm x 45.00 cmx 4.40 cm 


16.77" (W) x 18.70" (D) x 3.46" (H) 
42.60 cm x 47.50 cm x 8.80 cm 





Management Ports 


One out-of-band 10/100/1000 RJ-45, one RJ-45 serial 





Management Interface 


SMS, local web console, command-line, SNMPv2c, S 





MPv3 (Trend Micro™ TippingPoint™ MIB available) 





Network I/O Module Slots 


1 


2 2 





4 





Network Connectivity 


Mix of modules listed below 





On-Box Storage 


8 GB internal CFAST / 8 GB 
external 1.8" SSD 





32 GB Internal CFAST / 32 
GB External 1.8" SSD 


32 GB hot-swappable 1.8" SSD module 





Voltage 


100-240 VAC, 50-60 Hz 


100 to 240 VAC/-40 to -60 VDC 





Current (max. fused power) 


4-2 A 


12/6 amps AC, 24/16 amps DC 





Max. Power Consumption 


250 W (853 BTU/hour) 


220W (751 BTU/hour) 


750 W (2,557BTU/hour) 





Power Supply 


Single field replaceable 





Dual/ redundant hot- 
swappable/field replaceable 





Dual/redundant hot-swappable 





Operating Temperature 


32°F to 104°F (0°C to 40°C) 





Operating Relative Humidity 


5% to 95% non-condensing 





Non-Operating/Storage 
Temperature 


-49°F to 158°F (-20°C to 70°C) 





Non-Operating/Storage 
Relative Humidity 


5% to 95% non-condensing 














Altitude Up to 10,000 feet above MSL (3,048 m) 
Safety UL 60950-1, IEC 60950-1EN 60950-1,CSA 22.2 60950-1ROHS compliance 
EMC Class A, FCC, VCCI, KC EN55022, CISPR 22, EN55024 CISPR 24, EN61000-3-2 EN61000-3-3, CE marking 
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CLOUD NETWORK IPS TECHNICAL SPECIFICATIONS 


Amazon Web Services (AWS) 








C5.9xlarge and 











Instance Type Cee te: F1.2xlarge 
IPS Inspection Throughput 2.5 Gbps Up to 10 Gbps’ 
Latency <100 us 

Concurrent Connections 7.5M 12 

New Connections Per Second 75,000 100,000 

















*AWS infrastructure may restrict sustained throughput rates to lower amounts. This is specific to the 
Amazon Elastic Compute Cloud (EC2) instance type. For more information, please contact AWS. Note: 
We test using our recommended default policy with representative traffic mixes. Your deployment 
may vary-infrastructure changes, policy, or changes from the representative traffic mix may impact 
your results. Additionally, your EC2 instance type may enforce sustained throughput restrictions. 








VTPS TECHNICAL SPECIFICATIONS 


vTPS Standard vTPS Performance 


250 Mbps/500 Mbps/1 Gbps (VMware, KVM), 2 


Features 


Supported IPS Inspection 


























Throughput Gbps (VMware) 
A 1 Gbps (VMware), 900 
SSL Inspection Not available Mbps (KVM) 
SSL Connections per Second Not available TGO N Mware) 200 
(KVM) 
SSL Concurrent Connections Not available 6500 (VMware, KVM) 
Number of Logical Cores 2or3 4 
Memory 8 GB 16 GB 
Disk Space 16 GB 





120,000 (VMware), 60,000 (KVM) 
10,000,000 (VMware), 1,000,000 (KVM) 
VMWare ESXi 5.5, 6.0, 6.5, 6.7 


IPS Connections per Second 
IPS Concurrent Connections 



































f (NSX is not required for transparent inspection 
MICS aM OLS up Ben and enforcement) & KVM - Redhat Enterprise 
$ For details about what personal information we collect 
Linux 6, T nd T ee i N on Wb ilé at 
VMware- VMNet3 https://www.trendmicro.com/privacy 
Network Drivers 
KVM- virtlO 
Number of Network Segments 1 
Number of Virtual Segments o limit 7} TR E N D. 
Dedicated Management vNIC Yes 





Securing Your Connected World 





TIPPINGPOINT I/O MODULES 


TippingPoint IO Module Description Product SKU 
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TippingPoint IO Module: 6-segment Gig-T Rev B TPNNO196 in s. Informatio 
TippingPoint IO Module: 6-segment GbE SFP TPNNOO68 informa vst wwttrendmire;com i KAE 
TippingPoint IO Module: 4-segment 10 GbE SFP+ TPNNOO6O 

TippingPoint IO Module: 1-segment 40 GbE QSFP+ TPNNOO69 

TippingPoint IO Module: 4-segment Gig-T Bypass TPNNOO7O 

TippingPoint IO Module: 2-segment 1 G Fiber SR Bypass TPNNOO71 

TippingPoint IO Module: 2-segment 1G Fiber LR Bypass TPNNOO72 

TippingPoint IO Module: 2-segment 10 G Fiber SR Bypass TPNNOO73 

TippingPoint IO Module: 2-segment 10 G Fiber LR Bypass TPNNOO74 

TippingPoint IO Module: 1-segment 40GbE LR4 Bypass TPNMO132 

TippingPoint IO Module: 1-segment 40GbE SR4 Bypass TPNMO131 





